summaryrefslogtreecommitdiff
path: root/lib/libc
AgeCommit message (Collapse)Author
2022-01-21In 1999 fd_set overflowing beyond FD_SETSIZE became enough of a problem that ITheo de Raadt
changed the entire tree to use fd_set allocation, and this manpage documented the "calloc(howmany(max+1, NFDBITS), sizeof(fd_mask))" idiom. Since then we completed converting the entire tree to poll(2), for many reasons, even ssh/sshd. Now the use of kernel-only sys/param.h-found howmany() and related macross grate on me, so it is time to recommend use of poll(2) instead. [On a related note, MacOS poll(2) is been dangerously broken for many years; that is their problem to handle as the whole ecosystem joins us in pivoting select -> poll) ok millert
2022-01-21Document EAGAIN error return, as specified by POSIX.Todd C. Miller
Our poll does not use EAGAIN but code needs to handle it for portability. OK deraadt@ visa@
2022-01-20remove unused variable from all copies of _asr_strdname()Christian Weisgerber
... including those inlined into print_dname(). This also fixes -Wunused-but-set-variable warnings warnings in smtpd and smtpctl. The code was imported with asr and then copied around. ok deraadt@ guenther@
2022-01-11spellingJonathan Gray
2022-01-06refer to longindex as an argument, not a field;Jason McIntyre
from uwe@netbsd -r1.22 ok millert
2022-01-05funopen(): change seekfn argument to use off_t, not fpos_tTodd C. Miller
On BSD, fpos_t is typedef'd to off_t but some systems use a struct. This means fpos_t is not a portable function argument or return value. Both FreeBSD and the Linux libbsd funopen() have switched to off_t for this--we should too. From Joe Nelson. OK deraadt@
2022-01-02Don't use *ENTRY_NB() with END_BUILTIN(), at least yetPhilip Guenther
Problem noted by naddy@
2022-01-01Add ENTRY_NB() macro for doing an ASM function entry without settingPhilip Guenther
the binding to global (NB == "no binding"), as clang 13 is now warning about changing the binding from global to weak. This first pass does amd64 and sparc64 and pulls DEFS.h out of the per-arch directory to a common directory; others to follow ok kettenis@
2022-01-01failured -> failedJonathan Gray
2021-12-25Update to reflect changes over the last six yearsPhilip Guenther
2021-12-23Roll the syscalls that have an off_t argument to remove the explicit padding.Philip Guenther
Switch libc and ld.so to the generic stubs for these calls. WARNING: reboot to updated kernel before installing libc or ld.so! Time for a story... When gcc (back in 1.x days) first implemented long long, it didn't (always) pass 64bit arguments in 'aligned' registers/stack slots, with the result that argument offsets didn't match structure offsets. This affected the nine system calls that pass off_t arguments: ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate To avoid having to do custom ASM wrappers for those, BSD put an explicit pad argument in so that the off_t argument would always start on a even slot and thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use __syscall() and pass an extra '0' argument. The ABIs for different CPUs eventually settled how things should be passed on each and gcc 2.x followed them. The only arch now where it helps is landisk, which needs to skip the last argument register if it would be the first half of a 64bit argument. So: add new syscalls without the pad argument and on landisk do that skipping directly in the syscall handler in the kernel. Keep compat support for the existing syscalls long enough for the transition. ok deraadt@
2021-12-16Document the failure mode if size is too small and mention thatTodd C. Miller
allocating space when buf is NULL is an extension more prominently. Clarify that getwd() is deprecated and should not be used. Mention EFAULT errno value for invalid (non-NULL) buf. OK deraadt@ jmc@
2021-12-16getwd(3): don't malloc space for buf if it is NULLTodd C. Miller
The 4.3BSD getwd(3) did not malloc space, use __getcwd(2) directly so the compat function doesn't either. OK deraadt@
2021-12-13including sys/cdefs.h manually started as a result of netbsd trying toTheo de Raadt
macro-build a replacement for sccsid, and was done without any concern for namespace damage. Unfortunately this practice started infecting other code as others were unaware they didn't need the file. ok millert guenther
2021-12-11doubled word; from Leon FischerTheo Buehler
2021-12-08lsearch(3): reimplement using lfind(3)Scott Soule Cheloha
lsearch(3) is really just lfind(3) with an additional branch to append the key if lfind(3) fails. If we get rid of the underlying linear_base() function and move the search portion into lfind(3) and the key-copying portion into lsearch(3) we get smaller and simpler code. Misc. notes: - We do not need to keep the historical comment about errno. lsearch(3) is pure computation and does not set errno. That's really all you need to know. The specification reserves no errors, either. - We are using lfind(3) internally now, so it switches from PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs DEF_WEAK in stdlib/lsearch.c. With advice from guenther@ on symbol housekeeping in libc. Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2 ok millert@
2021-12-07The ypproto buffer (which supports + lines in master.passwd) was correctTheo de Raadt
length for maximum amount of strings, but forgot about the struct passwd taken from the start, and it isn't clear if the missing non-string elements cover for that shortage. It would require misconfiguration by root to exceed the buffer. As well, the strings don't need to be aligned, and thus sys/param.h isn't needed for ALIGN() ok millert
2021-12-07lsearch(3): append key to array with memmove(3) instead of memcpy(3)Scott Soule Cheloha
If the key overlaps the end of the array, memcpy(3) mutates the key and copies a corrupted value into the end of the array. If we use memmove(3) instead we at least end up with a clean copy of the key at the end of the array. This is closer to the intended behavior. With input from millert@ and deraadt@. Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2 ok millert@
2021-12-07sleep.3: miscellanous cleanup, rewritesScott Soule Cheloha
Highlights: - Tighten up the NAME. - "process" -> "thread". - Tidy up the DESCRIPTION. In particular, omit discussion of the historial SIGALRM-based implementation. - Simplify RETURN VALUES. - Add an ERRORS section, note that sleep(3) can set EINTR. - Update STANDARDS to POSIX.1-2008. - Note that setting errno is an extension to the spec. Discussed with and revised by jmc@, deraadt@, millert@, and schwarze@. With a history lesson from jsg@. Thread: https://marc.info/?l=openbsd-tech&m=162718445809428&w=2 "the changes read fine to me" jmc@, ok millert@ schwarze@
2021-12-06gettimeofday.2: miscellaneous manpage cleanupScott Soule Cheloha
Highlights: - Tweak the one-liner description. - Better variable names. - Reorder DESCRIPTION to reflect the importance of each interface. - Advise against using gettimeofday(2) for measuring elapsed time. - Isolate discussion of the historical timezone parameter to its own paragraph at the end of the DESCRIPTION. - Update ERRORS. Mention the securelevel(7) EPERM for settimeofday(2). - Expand SEE ALSO. - Note settimeofday(2) in STANDARDS. It is available on many systems. Discussed with jmc@, millert@, and deraadt@. Possibly discussed with schwarze@, though I can't find the email. Thread: https://marc.info/?t=162765632800002&r=1&w=2 "reads fine to me" jmc@, ok millert@
2021-12-06time.3: miscellaneous manpage cleanupScott Soule Cheloha
- Change "tloc" variable to "now" to reinforce meaning. - Simplify DESCRIPTION. - No point in describing how gettimeofday(2) can fail here. - Add a STANDARDS section. - Rework the HISTORY section. With input from jmc@, millert@, and schwarze@. Thread: https://marc.info/?l=openbsd-tech&m=162766815024823&w=2 "reads fine" jmc@, ok schwarze@
2021-12-02bsearch(3): support arrays with more than INT_MAX elementsScott Soule Cheloha
The "lim" variable needs to be a size_t to match nmemb, otherwise we get undefined behavior when nmemb exceeds INT_MAX. Prompted by a blog post by Joshua Bloch: https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html Fixed by Chris Torek a long time ago: https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup ok millert@
2021-11-29A few sys/param.h annotations lacked ALIGNBYTESTheo de Raadt
2021-11-29Niels agreed to remove the advertising clause; switching theseDamien Miller
to 3-term BSD license.
2021-11-27Make brk() and sbrk() weak again to fix build with clang 13.Visa Hankala
OK jsg@
2021-11-24Describe what RES_USE_DNSSEC does and how it's affected by trust-adJeremie Courreges-Anglas
ok florian@
2021-11-22Implement rfc6840 (AD flag processing) if using trusted name serversJeremie Courreges-Anglas
libc can't do DNSSEC validation but it can ask a "security-aware" resolver to do so. Let's send queries with the AD flag set when appropriate, and let applications look at the AD flag in responses in a safe way, ie clear the AD flag if the resolvers aren't trusted. By default we only trust resolvers if resolv.conf(5) only lists name servers on localhost - the obvious candidates being unwind(8) and unbound(8). For non-localhost resolvers, an admin who trusts *all the name servers* listed in resolv.conf(5) *and the network path leading to them* can annotate this with "options trust-ad". AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch SSHFP records in a secure manner, and tightens the situation for other applications, eg those using RES_USE_DNSSEC for DANE. It should be noted that postfix currently assumes trusted name servers by default and forces RES_TRUSTAD if available. RES_TRUSTAD and "options trust-ad" were first introduced in glibc by Florian Weimer. Florian Obser (florian@) contributed various improvements, fixed a bug and added automatic trust for name servers on localhost. ok florian@ phessler@
2021-11-21improve legibility of structs in several manpagesJan Klemkow
General uses tabs for general indentation and 4 spaces on tight spots. Also uses extra space to align pointers and non-pointers as we do this on certain places in our source. with improvements from schwarze@ OK schwarze@
2021-11-16Remove an old note about poor performanceVisa Hankala
The new kqueue-based poll/select implementation does not suffer from select collisions. OK cheloha@, millert@
2021-11-05Zap unused variablesKlemens Nanni
OK martijn
2021-11-03mention hw.powerJonathan Gray
ok deraadt@
2021-10-31document that fileno(3) returns -1 for some kinds of FILE * objects;Ingo Schwarze
triggerd by but simpler than a similar patch sent in by Simon Branch <simonmbranch at gmail dot com>; OK millert@ jmc@
2021-10-29add missing .h file includeTheo de Raadt
from Emil Engler
2021-10-25Revert accidental change.Jeremie Courreges-Anglas
Dunno why this ended up here, cvs is always full of surprises.
2021-10-25Make brk() and sbrk() weak again as intended.Jeremie Courreges-Anglas
Apparently spotted by mortimer@ while working on clang 13 and amd64. No actual change on sparc64 as this architecture still uses ld.bfd. ok kettenis@
2021-10-25Make brk() and sbrk() weak again as intended.Mark Kettenis
ok jca@
2021-10-24For open/openat, if the flags parameter does not contain O_CREAT, theTheo de Raadt
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past have passed mode_t (0, 044, 0644, or such), which might lead future people to copy this broken idiom, and perhaps even believe this parameter has some meaning or implication or application. Delete them all. This comes out of a conversation where tb@ noticed that a strange (but intentional) pledge behaviour is to always knock-out high-bits from mode_t on a number of system calls as a safety factor, and his bewilderment that this appeared to be happening against valid modes (at least visually), but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef. ok millert
2021-10-24use O_RDONLY instead of 0 as open() flags parameterTheo de Raadt
2021-10-24ansiJonathan Gray
ok mpi@ deraadt@
2021-10-23spread some ipcrm/ipcs Xr; from mikhailJason McIntyre
ok schwarze
2021-10-22After deleting hifn(4) the only provider for the LZS compressionAlexander Bluhm
algorithm is gone. Reomve all LZS references from the tree. The v42bis in isakmpd also looks unsupported. OK mvs@ patrick@ sthen@
2021-10-22Put back sys/types.h and sys/socket.h. The latter was unintentionallyTheo Buehler
removed and the former is still needed, as pointed out by kettenis
2021-10-22Fix some ghastly whitespace. From Martin VahlensieckTheo Buehler
2021-10-22Use unsigned char instead of u_char in base64.c. This is a mildTheo Buehler
portability annoyance since not all systems have u_char. Remove the now unused includes sys/types.h and stdio.h. u_char diff from Jonas Termansen ok deraadt
2021-10-13Provide realpath(1)Klemens Nanni
A tiny realpath(3) wrapper to make a porter's life easier. Feedback kettenis deraadt cheloha sthen OK cheloha martijn deraadt
2021-10-11does not need arpa/nameser.hTheo de Raadt
2021-10-08group the SO_PEERCRED text more logically and mark it read only;Jason McIntyre
diff from chohag jtan com ok claudio
2021-09-22use mmap() instead of alloca(), so that argv memory overflow leading toTheo de Raadt
execve can be detected better reported by Alejandro Colomar, ok millert
2021-09-19Switch two calls from memset() to explicit_bzero()Theo Buehler
This matches the documented behavior more obviously and ensures that these aren't optimized away, although this is unlikely. Discussed with deraadt and otto
2021-09-17sys/param.h is not needed in these filesTheo de Raadt